package org.dydl.common.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.dydl.common.util.MD5;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;


public class AuthenticationProviderCustom implements AuthenticationProvider {  
    private final UserDetailsService userDetailsService;  
    public AuthenticationProviderCustom(UserDetailsService userDetailsService) {  
        this.userDetailsService = userDetailsService;  
    }  
    @Override  
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {  
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;  
        String username = token.getName();  
        //从数据库找到的用户  
        UserDetails userDetails = null;  
        if(username != null) {  
            userDetails = userDetailsService.loadUserByUsername(username);  
        }  
        //  
        if(userDetails == null) {  
            throw new UsernameNotFoundException("用户名/密码无效");  
        }else if (!userDetails.isEnabled()){  
            throw new DisabledException("用户已被禁用");  
        }else if (!userDetails.isAccountNonExpired()) {  
            throw new AccountExpiredException("账号已过期");  
        }else if (!userDetails.isAccountNonLocked()) {  
            throw new LockedException("账号已被锁定");  
        }else if (!userDetails.isCredentialsNonExpired()) {  
            throw new LockedException("凭证已过期");  
        }  
        //数据库用户的密码  
        String password = userDetails.getPassword();  
        //与authentication里面的credentials相比较  
		if (!password.equals(MD5.encode(token.getCredentials().toString().getBytes()))) {  
            throw new BadCredentialsException("用户名/密码无效");  
            
        }

        //授权  
        return new UsernamePasswordAuthenticationToken(userDetails, password,userDetails.getAuthorities());  
    }  

	/**
	 * 验证码判断
	 * 
	 * @param request
	 * @return
	 */
	protected boolean checkValidateCode(HttpServletRequest request) {
		HttpSession session = request.getSession();
		String result_verifyCode = session.getAttribute("verifyResult").toString(); // 获取存于session的验证值
		// request.getSession().setAttribute("verifyResult", null);
		String user_verifyCode = request.getParameter("verifyCode");// 获取用户输入验证码
		if (null == user_verifyCode || !result_verifyCode.equalsIgnoreCase(user_verifyCode)) {
			return false;
		}
		session.removeAttribute("verifyResult");
		return true;
	}
	
	protected void checkUserInfo(HttpServletRequest request) {
		
	}

	@Override  
    public boolean supports(Class<?> authentication) {  
        //返回true后才会执行上面的authenticate方法,这步能确保authentication能正确转换类型  
        return UsernamePasswordAuthenticationToken.class.equals(authentication);  
    }  

}
